Thanks a lot for your answer. I tried to have three "database ldap" and a database relay that would direct to only one, depending on the search filter. But I can't manage to quit the "database relay" paragraph when the condition ".*-b" or "*-c" matches. For example, if "uid=toto-b", it should search through "ou=b,ou=mysociety", i.e. via the second "database ldap", but in spite of the ":@", it does also the following "suffixmassage" so the search base in every case is "ou=a,ou=mysociety". Also the part beginning with "overlay rwm" and ending with "rwm-rewriteContext default" doesn't seem to make any difference.
My slapd.conf looks like:

database relay
suffix "ou=virtual,ou=mysociety"
overlay rwm
rwm-rewriteEngine on
rwm-rewriteContext searchFilter
rwm-suffixmassage ou=b,ou=mysociety
rwm-rewriteRule "(.*-b))" "%1,ou=divers,ou=b,ou=mysociety" ":@"
rwm-suffixmassage "ou=b,ou=mysociety" "ou=c,ou=mysociety"
#rwm-rewriteRule "ou=b,ou=mysociety" "ou=c,ou=mysociety"
rwm-rewriteRule "(.*-dgi))" "%1,ou=personnes,ou=c,ou=mysociety" ":@"
rwm-suffixmassage "ou=c,ou=mysociety" "ou=a,ou=mysociety"
#rwm-rewriteRule "ou=c,ou=mysociety" "ou=a,ou=mysociety"

database ldap
suffix ou=a,ou=mysociety
rebind-as-user
uri ldap://127.0.0.1:390

database ldap
uri ldap://127.0.0.1:391
suffix "ou=b,ou=mysociety"
rebind-as-user
#overlay rwm
#rwm-rewriteEngine on
#rwm-rewriteContext searchFilter
#rwm-rewriteRule "^(.+),ou=b,ou=mysociety,c=fr$" "$1" ":@"
#rwm-rewriteContext default

database ldap
uri ldap://10.127.0.0.1:392
suffix "ou=c,ou=mysociety"
rebind-as-user

Pierangelo Masarati wrote:
yamina wrote:
Hello, I want to use the "LDAP Proxy resolution" mode related in the "slapd-meta" man but I don't manage to make it work. I wonder if it is implemented yet because I saw a message dated Fri, 16 Jan 2004 17:09:10 +0100 in which the same problem is not solved.
That man page is a copy and paste from a white paper. That feature is a TODO and should be removed from the man page.
You might be able to obtain something like that by using a proxy that statically maps a given subtree to a given server. Something like

database relay
suffix "dc=virtual"
overlay rwm
...

rwm rules that rewrite the base DN of a search based on the contents of the filter (not a trivial rule, though) to a temporary DN like

(uid=*-b) -> $BASEDN,dc=server1
(uid=*-c) -> $BASEDN,dc=server2
...

Then add

database ldap
suffix "dc=server1"
overlay rwm
rwm-rewriteEngine on
rwm-rewriteContext searchDN
rwm-rewriteRule "^(.+),dc=server1$" "$1" "@:"
rwm-rewriteContext default

database ldap
suffix "dc=server2"
overlay rwm
rwm-rewriteEngine on
rwm-rewriteContext searchDN
rwm-rewriteRule "^(.+),dc=server2$" "$1" "@:"
rwm-rewriteContext default

...
and so on. The whole thing may need quite a bit of shakedown, and is going to be far from efficient, though.
p.
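
Added example, not part of the original thread and not slapd code: a small Python model of the two-stage mapping sketched in the reply, useful for checking which backend a given filter is expected to reach before translating the idea into rwm rules. The function names, the first-match-wins ordering and the sample filters are assumptions made for the illustration.

```python
import re

# Stage 1 (database relay): filter pattern -> temporary suffix appended to the
# search base, as in "(uid=*-b) -> $BASEDN,dc=server1". First match wins
# (assumption: rules are tried in order and evaluation stops at the first hit).
ROUTES = [
    (re.compile(r"\(uid=[^()]*-b\)"), "dc=server1"),
    (re.compile(r"\(uid=[^()]*-c\)"), "dc=server2"),
]


def relay_rewrite(base_dn, search_filter):
    """Tag base_dn with the temporary suffix chosen from the filter contents."""
    for pattern, suffix in ROUTES:
        if pattern.search(search_filter):
            return f"{base_dn},{suffix}"
    return None  # no uid=*-b / uid=*-c assertion: nothing to route on


def backend_rewrite(tagged_dn, suffix):
    """Stage 2 (database ldap): model of the '^(.+),dc=serverN$' stripping rule."""
    match = re.match(rf"^(.+),{re.escape(suffix)}$", tagged_dn)
    return match.group(1) if match else None


def route(base_dn, search_filter):
    """Return (backend suffix, base DN sent to that backend) or None."""
    tagged = relay_rewrite(base_dn, search_filter)
    if tagged is None:
        return None
    suffix = tagged.rsplit(",", 1)[1]
    return suffix, backend_rewrite(tagged, suffix)


if __name__ == "__main__":
    # Constructed sample searches.
    for flt in ("(uid=toto-b)", "(&(objectClass=person)(uid=toto-c))",
                "(uid=toto)", "(|(uid=x-b)(uid=x-c))"):
        print(flt, "->", route("ou=people,dc=virtual", flt))
```

The last sample shows the ambiguity of routing on filter contents: a filter that names users of both kinds is sent to only one backend.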